Vulnerabilities > Videolan
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-23 | CVE-2017-8310 | Out-of-bounds Read vulnerability in Videolan VLC Media Player Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file. | 5.5 |
| 2017-03-28 | CVE-2014-6440 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Videolan VLC 2.1.4 VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service. | 7.5 |
| 2016-06-08 | CVE-2016-5108 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file. | 7.5 |
| 2016-04-18 | CVE-2016-3941 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to "seek across EOF." | 4.3 |
| 2014-12-26 | CVE-2010-1445 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Videolan VLC Media Player Heap-based buffer overflow in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream in an RTMP session. | 7.5 |
| 2014-12-26 | CVE-2010-1442 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Videolan VLC Media Player VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) AVI, (2) ASF, or (3) Matroska (aka MKV) demuxer. | 7.5 |
| 2014-12-26 | CVE-2010-1441 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Videolan VLC Media Player Multiple heap-based buffer overflows in VideoLAN VLC media player before 1.0.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) A/52, (2) DTS, or (3) MPEG Audio decoder. | 7.5 |
| 2014-05-14 | CVE-2014-3441 | Buffer Errors vulnerability in Videolan VLC Media Player 2.1.3 codec\libpng_plugin.dll in VideoLAN VLC Media Player 2.1.3 allows remote attackers to cause a denial of service (crash) via a crafted .png file, as demonstrated by a png in a .wave file. | 4.3 |
| 2014-03-21 | CVE-2013-7340 | Resource Management Errors vulnerability in Videolan VLC Media Player VideoLAN VLC Media Player before 2.0.7 allows remote attackers to cause a denial of service (memory consumption) via a crafted playlist file. | 4.3 |
| 2014-01-23 | CVE-2013-6934 | Numeric Errors vulnerability in multiple products The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. | 7.5 |